Google Suite Skill

This skill appears to implement the advertised Gmail/Calendar/Drive features, but there are a few red flags you should consider before installing: - Metadata mismatch: The registry claims no required env vars and no install steps, but SKILL.md and the code require GOOGLE_OAUTH_CLIENT_ID, GOOGLE_OAUTH_CLIENT_SECRET, and GOOGLE_OAUTH_REDIRECT_URI and instruct you to pip install Google API libs. Treat the missing metadata as a packaging/quality issue and ask the publisher for clarification. - Sensitive credentials: You must provide an OAuth client ID and secret. Only supply these if you trust the publisher. The skill will launch a local OAuth flow and store tokens in google_suite_tokens.json in the skill folder (plain JSON). Ensure that file is stored in a secure/isolated environment and that file permissions prevent unauthorized access. - Broad scopes: The scopes include full Drive and Gmail modify/send access. If you only need read-only actions, consider narrowing scopes or using a different, less-privileged skill. - Source provenance: The skill has no homepage and an unknown source owner — prefer skills with a verifiable homepage or known publisher. If you plan to use it, review the included Python files yourself (they are present and readable) and consider running the skill in an isolated environment (VM/container) until you are comfortable. - Practical steps: (1) Verify the code matches SKILL.md (it does, but check token path and any changes), (2) run in an isolated account/VM, (3) set restrictive file permissions on google_suite_tokens.json, and (4) ask the publisher to fix metadata and provide a source/homepage for accountability. If you want, I can produce a checklist of exact commands to inspect the files, run the skill in a container, or help you narrow OAuth scopes for safer use.